Message-ID: <53D5140E.7020507@gmx.com>
Date: Sun, 27 Jul 2014 10:00:30 -0500
From: Joe Btfsplk <joebtfsplk@gmx.com>
To: tor-talk@lists.torproject.org
References: <53D400DA.6070203@gmx.com> <53D46E53.9030004@torservers.net>
In-Reply-To: <53D46E53.9030004@torservers.net>
Subject: Re: [tor-talk] User views on lesser of 2 evils_Tor FAQ on using
 java script

On 7/26/2014 10:13 PM, Moritz Bartl wrote:
> On 07/26/2014 09:26 PM, Joe Btfsplk wrote:
>> So, is it, "damned if I do, damned if I don't?"
> Basically, yes. A lot of users including me can cope with only
> selectively enabling Javascript, but I would strongly argue against
> making that the default. It is just too hard to understand for 'casual
> users' all the subtle ways disabled Javascript can break websites.
>
> I personally can live with 'losing some of my anonymity' due to the
> custom use of Javascript, but you must be well aware indeed.
>
My unprofessional reaction is, there's some discussion on this, but no 
scientific data / explanation why one way is the least worst.

Getting to that point may be difficult, but as is, seems Tor Project 
raises numerous questions but provides no real answers.

We have a product "to protect your anonymity."
"Oh, by the way... using JS may compromise it,
and not using it may compromise it (because it's enabled by default),
and using it intermittently may compromise it."

OK, that clears it up.  Even for fairly advanced users, that's not much 
help.
There seem to be very strict Tor / TBB design rules, down to the tiniest 
detail.

Then, the issue of JavaScript is pretty much left wide open.
Many ignore it, like the elephant in the room.
Since a chain (or security / anonymity method) is only as strong as its 
weakest link, where does that leave TBB, considering the range of views 
& facts about JavaScript?

Sometimes, seems this little detail (that might break the entire chain) 
is simply glossed over.  It's a tough subject, so we just won't dwell on it.
Obviously, Tor Project decided to leave it enabled.  But there's ongoing 
discussion about limiting exposure due to JS.